File 20146-pygrub-security.patch of Package xen
# HG changeset patch
# User Keir Fraser <keir.fraser@citrix.com>
# Date 1251887904 -3600
# Node ID e513d565c8f1298d26bc614eabd1b7111693a940
# Parent 8fc92779847680fe40a1ee9c2a01b3effc7cd056
pygrub: Match bare-metal GRUB behavior for passwords
The password support patch already merged didn't match the bare-metal
GRUB behavior so I created a patch to match it. If password is entered
in grub.conf file, pressing `p` is required exactly like when using
"real" (bare-metal) GRUB. New options are available after the correct
password is entered.
Signed-off-by: Michal Novotny <minovotn@redhat.com>
Index: xen-3.3.1-testing/tools/pygrub/src/pygrub
===================================================================
--- xen-3.3.1-testing.orig/tools/pygrub/src/pygrub
+++ xen-3.3.1-testing/tools/pygrub/src/pygrub
@@ -412,16 +412,17 @@ class Grub:
def draw():
# set up the screen
self.draw_main_windows()
- self.text_win.addstr(0, 0, "Use the U and D keys to select which entry is highlighted.")
- self.text_win.addstr(1, 0, "Press enter to boot the selected OS. 'e' to edit the")
- self.text_win.addstr(2, 0, "commands before booting, 'a' to modify the kernel arguments ")
- # if grub has password defined we allow option to enter password
- if not self.cf.hasPassword():
+ if not self.cf.hasPassword() or self.cf.hasPasswordAccess():
+ self.text_win.addstr(0, 0, "Use the U and D keys to select which entry is highlighted.")
+ self.text_win.addstr(1, 0, "Press enter to boot the selected OS, 'e' to edit the")
+ self.text_win.addstr(2, 0, "commands before booting, 'a' to modify the kernel arguments ")
self.text_win.addstr(3, 0, "before booting, or 'c' for a command line.")
+
else:
- self.text_win.addstr(3, 0, "before booting, or 'c' for a command line. You can also")
- self.text_win.addstr(4, 0, "press 'p' to enter password for modifications...")
+ self.text_win.addstr(0, 0, "Use the U and D keys to select which entry is highlighted.")
+ self.text_win.addstr(1, 0, "Press enter to boot the selected OS or `p` to enter a")
+ self.text_win.addstr(2, 0, "password to unlock the next set of features.")
self.text_win.addch(0, 8, curses.ACS_UARROW)
self.text_win.addch(0, 14, curses.ACS_DARROW)
@@ -455,20 +456,10 @@ class Grub:
self.screen.timeout(-1)
# handle keypresses
- if c == ord('c'):
- # we disallow access without password specified
- if not self.cf.hasPasswordAccess():
- self.text_win.addstr(6, 8, "You have to enter GRUB password first")
- break
-
+ if c == ord('c') and self.cf.hasPasswordAccess():
self.command_line_mode()
break
- elif c == ord('a'):
- # we disallow access without password specified
- if not self.cf.hasPasswordAccess():
- self.text_win.addstr(6, 8, "You have to enter GRUB password first")
- break
-
+ elif c == ord('a') and self.cf.hasPasswordAccess():
# find the kernel line, edit it and then boot
img = self.cf.images[self.selected_image]
for line in img.lines:
@@ -479,23 +470,18 @@ class Grub:
self.isdone = True
break
break
- elif c == ord('e'):
- # we disallow access without password specified
- if not self.cf.hasPasswordAccess():
- self.text_win.addstr(6, 8, "You have to enter GRUB password first")
- break
-
+ elif c == ord('e') and self.cf.hasPasswordAccess():
img = self.cf.images[self.selected_image]
self.edit_entry(img)
break
elif c == ord('p') and self.cf.hasPassword():
- self.text_win.addstr(6, 8, "Enter password: ")
+ self.text_win.addstr(6, 1, "Password: ")
pwd = self.text_win.getstr(6, 8)
if not self.cf.checkPassword(pwd):
- self.text_win.addstr(6, 8, "Incorrect password!")
+ self.text_win.addstr(6, 1, "Password: ")
+ self.text_win.addstr(7, 0, "Failed!")
self.cf.setPasswordAccess( False )
else:
- self.text_win.addstr(6, 8, "Access granted ")
self.cf.setPasswordAccess( True )
break
elif c in (curses.KEY_ENTER, ord('\n'), ord('\r')):
